RuneScape Forum Archive

Nov

2021

MagicDemon

Posts: 652 Steel Posts by user Forum Profile RuneMetrics Profile

So, I just want to start off saying, I'm not sure if this is the correct place for this..

That said, my account was compromised sometime.before Christmas (not exactly why I'm here but more a precursor) and I lost pretty much everything of any value. My account was banned (and subsequently unbanned after appeal) due to macroing by whoever stole my account, and I was basically naked and left for dead in the wild...

Which leads me to this... WHY is there a bank PIN, if there's no stopping someone from simply removing it from dormant (or seldom used) accounts? I mean really, Jagex couldn't drop an email to tell me someone attempted removal of my bank PIN to confirm if it was me? There simply has to be an easier way to stop people from stealing accounts, rather than just letting it run rampant. If I'd received an email stating my PIN was attempted to be removed, all of this would've never happened, and I'd have never lost countless time and GP value from my account.

I'm not here to complain, because it's partially my own fault for not having time to log into the game due to work, but really? You have all these failsafes in place to prevent hacking but simply allow a hacker to remove a PIN without any contact to the owner of the account for verification?

THESE are the things we need. Email or text verification of changes to passwords AND PIN numbers. Not new techniques, or changing the launcher, etc. Physically tell me when someone else has access to my account. A new location logged in? Tell me! Someone tried to change, remove, or otherwise alter a PIN or password? TELL ME. Every other website does, so why don't you?

04-Jan-2024 20:47:15

Jan

2015

Tenebri

Posts: 39,236 Sapphire Posts by user Forum Profile RuneMetrics Profile

to remove bank pin there is a time limit.

if you have proper security. you will get emails when this happens. this will then give you plenty of time to recover your account before the hackers can bypass the bank pin.

a layered security is better than relying on 1 piece of security
200m all RS3 on 7/3/19

1.2Billion overall Slayer xp / Ultimate slayer title

OSRS 2277/2277 Untrim slayer cape

Hail Satan, He loves for who you are.

04-Jan-2024 21:24:58

Nov

2021

MagicDemon

Posts: 652 Steel Posts by user Forum Profile RuneMetrics Profile

Very true, there is a time limit.. However, when someone doesn't play for an extended period, there needs to be some other form of communication on the part of Jagex.

I had all my security settings set, and I received no email communication for the bank PIN removal. I also set a new bank PIN when I regained access to my account, and no email communication was sent for that, either. I never even received an email when my account was banned for macroing while it was stolen, so I had no idea what was going on until I tried to log into the account to play.

Unless I'm unaware of some setting within the security settings, I don't know of any way of "forcing" it to send me emails when these things happen.

06-Jan-2024 02:32:57

Nov

2011

Applejuiceaj

Forum Moderator Posts: 44,957 Sapphire Posts by user Forum Profile RuneMetrics Profile

MagicDemon said :
Unless I'm unaware of some setting within the security settings, I don't know of any way of "forcing" it to send me emails when these things happen.

Jagex Accounts do what you're looking for, they are replacing legacy RuneScape accounts. Emails are sent for changes made to your Jagex Account, including every new login to the account. It sounds like you haven't upgraded yet - you should consider upgrading to better protect your account.

There is information on Jagex Accounts on the Support Centre:

https://help.jagex.com/hc/en-gb/articles/12423096201873-Jagex-Accounts-FAQ

06-Jan-2024 22:54:10

Nov

2021

MagicDemon

Posts: 652 Steel Posts by user Forum Profile RuneMetrics Profile

Applejuiceaj said :

Jagex Accounts do what you're looking for,

I have upgraded, but it was very clearly after all of this had taken place. That said, however, I still have not ever received an email when logging in from a new device, nor when I reset my bank PIN, which is the main reason for this post. I do receive emails when logging in, in the form of verification codes for login after upgrading, which makes it better, but also an extreme annoyance that doesn't need to exist, if there were emails regarding new logins and bank PIN requests (whether to reset, remove, or add).

I get the reason for the Jagex account, and I'm glad to see that something has been done, but it seems a little overkill, when the system that was already in place could've had a proper improvement and everything would have worked similarly without needing additional steps to log into the account... That's the only thing I've seen the newer security do, is add an email verification step to login that you cannot remove. Everything else remains identical to the way it was.

06-Jan-2024 23:52:19

Jan

2015

Tenebri

Posts: 39,236 Sapphire Posts by user Forum Profile RuneMetrics Profile

MagicDemon said :
Very true, there is a time limit.. However, when someone doesn't play for an extended period, there needs to be some other form of communication on the part of Jagex.

there is.

as i already stated in my original post.

Tenebri said :

if you have proper security. you will get emails when this happens.

this will then give you plenty of time to recover your account before the hackers can bypass the bank pin.

^^

MagicDemon said :

I get the reason for the Jagex account, and I'm glad to see that something has been done, but it seems a little overkill, when the system that was already in place could've had a proper improvement and everything would have worked similarly without needing additional steps to log into the account... That's the only thing I've seen the newer security do, is add an email verification step to login that you cannot remove. Everything else remains identical to the way it was.

how is it adding another step to log in?

with the jagex account its much smoother and quicker to log in.

the email verification is an option.

how is it the same as before?

passwords are improved.

they can be 64 chars long and use all utf-8 chars (improvement)

we now have 10 back up codes. didnt have before. these can only be used once each time. can be used to recover account. there should be no way for hackers to get these randomly generated codes. (unless the owner gave them, thats silly) another improvement.

an email is sent with every new log in and account change.

brute force protection feature. (improvement)

less login times (as its all saved) this stops keyloggers etc (improvement)

you can end all saved logins on all devices (using codes) this stops hackers (improvement)

all accounts are managed in one place. so much easier (improvement)

how is it the same? with all of those improvements?
200m all RS3 on 7/3/19

1.2Billion overall Slayer xp / Ultimate slayer title

OSRS 2277/2277 Untrim slayer cape

Hail Satan, He loves for who you are.

08-Jan-2024 16:04:05 - Last edited on 08-Jan-2024 16:20:05 by Tenebri

Jan

2015

Tenebri

Posts: 39,236 Sapphire Posts by user Forum Profile RuneMetrics Profile

by the sounds of it, you havent set up a 2fa. (which is safer)

so you need to go to jagex account - settings - enable authenticator via app -

this should prompt getting 10 codes. also which you should write down and do not lose them!

now you have 2fa set up via app, and it wont give you prompt via email.

this is safer because if your email gets compromised they wont be able to access your accouint via your email.

having the best security possible keeps your account as safe as possible. if you dont there are many backdoors to your account. and all of that is down to you
200m all RS3 on 7/3/19

1.2Billion overall Slayer xp / Ultimate slayer title

OSRS 2277/2277 Untrim slayer cape

Hail Satan, He loves for who you are.

08-Jan-2024 16:33:45

Forums

Bank Pin...

MagicDemon

Tenebri

MagicDemon

Applejuiceaj

MagicDemon

Tenebri

Tenebri